CREATE EVENT语句不适用于PDO?

时间:2020-10-15 00:18:20

标签: php mysql pdo prepared-statement

我似乎无法弄清楚我这个生命为什么CREATE EVENT语句不起作用。我可以从CLI直接将其等效项放入MariaDB,但是由于某种原因,它无法正常工作。

echo "unspaced, nexttime, ident, ttime<br />";

var_dump ($unspaced, $nexttime, $ident, $ttime);
echo "<br />";

$neweventstatement = $loginconn->prepare("CREATE EVENT :eventname ON SCHEDULE AT CURRENT_TIMESTAMP + :nexttime SECOND DO BEGIN UPDATE `tasks` SET ended = NULL WHERE id = :id AND created = :tasktime; END");
$neweventstatement->bindParam(':eventname', $unspaced, PDO::PARAM_STR);
$neweventstatement->bindParam(':nexttime', $nexttime, PDO::PARAM_INT);
$neweventstatement->bindParam(':id', $ident, PDO::PARAM_INT);
$neweventstatement->bindParam(':tasktime', $ttime, PDO::PARAM_STR);
$neweventstatement->execute();

产生以下输出:

unspaced, nexttime, ident, ttime
string(31) "t682020101400334320201014235504" int(300) int(68) string(19) "2020-10-14 00:33:43"

Error: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '? ON SCHEDULE AT CURRENT_TIMESTAMP + ? SECOND DO BEGIN UPDATE tasks SET ended = NULL' at line 1

我也尝试了类似的明显变体

CREATE EVENT :eventname ON SCHEDULE AT CURRENT_TIMESTAMP + :nexttime SECONDS DO BEGIN UPDATE `tasks` SET ended = NULL WHERE id = :id AND created = :tasktime; END
CREATE EVENT :eventname ON SCHEDULE AT CURRENT_TIMESTAMP + :nexttime SECOND DO UPDATE `tasks` SET ended = NULL WHERE id = :id AND created = :tasktime;
CREATE EVENT :eventname ON SCHEDULE AT CURRENT_TIMESTAMP + :nexttime SECOND DO BEGIN UPDATE `tasks` SET ended = NULL WHERE id = :id AND created = :tasktime; END
DELIMITER ^^ CREATE EVENT :eventname ON SCHEDULE AT CURRENT_TIMESTAMP + :nexttime SECOND DO BEGIN UPDATE `tasks` SET ended = NULL WHERE id = :id AND created = :tasktime; END ^^

但似乎没有任何作用。

我觉得我缺少明显的东西,但看不到。

编辑:出于某种原因,一个有胆识的人将其标记为“为什么不准备我准备的陈述式作为表名”的副本。不是。我已经对其进行了编辑,以明确问题所在。如下所述,问题是CREATE EVENT不能是准备好的陈述。

1 个答案:

答案 0 :(得分:1)

mysql手册中prepared statements的部分包含在准备好的语句中使用的SQL语句的列表。 CREATE EVENT语句未包含在此列表中,因此您不能将其用作准备好的语句。

您必须通过字符串连接创建sql语句并照此执行。您必须添加更多检查,以确保这不会导致sql注入漏洞。

相关问题
最新问题